Total: 3870 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-9513 | 1 Atlassian | 1 Activity Streams | 2024-11-21 | N/A |
Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page and receive notifications when comments are added to the watched page, and to vote on and watch JIRA issues that they do not have access to (although they will not receive notifications for the issue), via missing permission checks. | ||||
CVE-2017-9285 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2024-11-21 | N/A |
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | ||||
CVE-2017-8340 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | ||||
CVE-2017-7912 | 1 Hanwhasecurity | 2 Srn-4000, Srn-4000 Firmware | 2024-11-21 | N/A |
Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401: a specially crafted HTTP request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication. | ||||
CVE-2017-7497 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant. | ||||
CVE-2017-7471 | 1 Qemu | 1 Qemu | 2024-11-21 | 9.0 Critical |
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside the guest could use this flaw to access the host file system beyond the shared folder and potentially escalate their privileges on the host. | ||||
CVE-2017-6912 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | ||||
CVE-2017-5863 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | ||||
CVE-2017-5212 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control. | ||||
CVE-2017-2664 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges. | ||||
CVE-2017-18543 | 1 Invite Anyone Project | 1 Invite Anyone | 2024-11-21 | N/A |
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations. | ||||
CVE-2017-18457 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | ||||
CVE-2017-18421 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | ||||
CVE-2017-18416 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | ||||
CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | ||||
CVE-2017-18403 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | ||||
CVE-2017-18385 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | ||||
CVE-2017-18384 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | ||||
CVE-2017-18380 | 1 Edx | 1 Edx-platform | 2024-11-21 | 7.5 High |
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name. | ||||
CVE-2017-18190 | 4 Apple, Canonical, Debian and 1 more | 4 Cups, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | N/A |
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). |